<html>
<head><meta charset="utf-8"><title>Github vuln notifications · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html">Github vuln notifications</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="176185127"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176185127" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176185127">(Sep 20 2019 at 11:45)</a>:</h4>
<p>So somebody's built a thing that parses RustSec and notifies you if your repo is vulnerable: <a href="https://blog.firosolutions.com/2019/09/github-rust-firo/" target="_blank" title="https://blog.firosolutions.com/2019/09/github-rust-firo/">https://blog.firosolutions.com/2019/09/github-rust-firo/</a></p>



<a name="176185876"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176185876" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176185876">(Sep 20 2019 at 11:59)</a>:</h4>
<p>Doesn't GitHub itself already do this?</p>



<a name="176213657"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176213657" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176213657">(Sep 20 2019 at 17:29)</a>:</h4>
<p>I'm not sure if GitHub reads from RustSec, probably not. This does.</p>



<a name="176242087"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176242087" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176242087">(Sep 21 2019 at 00:58)</a>:</h4>
<p>Dependabot is aware of RustSec I think, so I'd expect GitHub's thing does.</p>



<a name="176380279"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176380279" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176380279">(Sep 23 2019 at 15:38)</a>:</h4>
<p>I saw that. It looked cool, but I was also curious about Dependabot.</p>



<a name="176411740"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176411740" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Thom Chiovoloni <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176411740">(Sep 23 2019 at 21:33)</a>:</h4>
<p>GitHub isn't aware of RustSec yet. Or wasn't ~2 months ago, I haven't checked since then.</p>



<a name="176418395"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/Github%20vuln%20notifications/near/176418395" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/Github.20vuln.20notifications.html#176418395">(Sep 23 2019 at 23:19)</a>:</h4>
<p>I've talked with people at GitHub about first-class support quite a bit. I don't think it's on their roadmap yet, but maybe soon.</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>